Chinese whispers of malware writing and bribery in the industry

Several recent stories in the media have revolved around China and malware writers, with much confusion as to the real
facts.

After rumours last week that Spanish security firm Panda had hired the Chinese author of the Fujacks virus,
a story of high-level corruption resurfaced this week following reports that a former official of Beijing
Municipal Public Security Bureau has been given a 'suspended death sentence' after being found guilty of corruption involving
well-known Chinese AV firm Rising.

The latest story arose from the long-running saga of corporate rivalry between Rising and its competitor
Micropoint, which was founded by former senior employees of Rising. According to reports, government
official Yu Bing
was convicted in August of embezzlement and corruption on a grand scale, with part of his crimes related to his role in
keeping Micropoint down - allegedly in return for bribes from the rival company. Micropoint was denied
access to official testing and its employees were accused, and even convicted, of creating malware for their own advancement.

The
newest developments were fanned by an incendiary piece in anti-establishment Chinese news source the Epoch Times,
which threw a barrage of allegations at Rising, and indeed all parts of the Chinese security
industry, claiming outright that malware writing by those in the industry is 'an open secret'. Sources inside Rising have
denied any involvement in the case, implying it is part of a smear campaign conducted by the firm's competitors.

"It seems pretty unlikely that anyone working in a serious security firm would consider creating their own malware," said
John Hawes, Technical Consultant at Virus Bulletin. "This is an industry which relies heavily on trust and respect between
competitors; there's a very strong moral code which totally forbids anything like that. Many outside the industry seem to
find it amusing to suggest such theories, but most researchers will have heard the same thing many, many times. Those in
the know are well aware that creating new malware is not only unethical but pointless, given the vast amounts being produced
by the bad guys; it would be like a city-centre road-sweeper sneakily sprinkling fragments of paper out of his pocket to
make sure he's still needed tomorrow. There's more than enough garbage to clean up out there, and few security firms are
worried about the problem going away by itself."

The Epoch Times report is here, with some more
sober coverage of the sentencing in China's Global Times here.
More comment and insight can be found in The Register here,
and on Sophos's Naked Security blog here.

This latest rash of rumours follows the similarly murky and complicated story of Panda and Li Jun, the creator of Fujacks,
aka the 'Panda-burning-Joss-sticks' virus (so named thanks to the cartoon-style icon some variants used to replace those of the
files they infected). Several news sources picked up on reports from China that the Spanish firm had hired the convicted malware
author, but rumours were quashed by Panda, who claimed the confusion was sparked by some marketing activities by
a Chinese distributor. Details can again be found in The Register,
here, and on the Sophos blog,
here,
with a rather terse announcement from Panda here.

2 comments

Ah, but did you consider the China factor? Things work a little differently over there. Why not write malware if you have the only virus for it? Specifically, the key in this case was not precisely the efficacy of the malware, but the fact that Rising bribed a public security bureau agent to tell people there was this malware, and thus make sales for them--this is what the Epoch piece said, anyway.

by mr11, 15 December 2010, 02:26

I've been with several security companies. To the best of my knowledge, none of them have knowingly hired a malware writer, nor have internal developers created home brewed malware. Occasionally, I'd be asked by test organizations for any particular "nasty" samples our SW may have captured. I could not send these out.
